GaloisInc / BESSPIN-Tool-Suite

The core tool of the BESSPIN Framework.

CWE-761 Contains No Vulnerability #1237

Closed njshanahan closed 3 years ago

njshanahan commented 3 years ago

After the modification of test_761.c, the test no longer contains a vulnerability. See the develop branch, commit b603085.

The second test part is as follows.

contains_char('T');

The function searches the string Search! for the character T, which will not be found. Although the index i is incremented, the pointer str itself is never manipulated. Because the letter T is not found, the string str is freed on line 39. When this occurs, str still points to the beginning of the character buffer, meaning the correct address is freed.

FREE(str);

To contain a vulnerability, the test would need to either increment the pointer (str = str + 1), as was previously done in contains_char_malicious(), or free str[i].

FYI @austinhroach.
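An added example, not code from BESSPIN's test_761.c: it contrasts the index-based search described in the comment above with a pointer-advancing one, and reports how far the address handed to the free routine is from the allocation base. The names tracked_alloc, tracked_free, search_by_index and search_by_pointer are hypothetical, and the tracker always releases the real base so the program stays well-defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical single-slot tracker: remembers the address malloc returned. */
static char *g_base = NULL;

static char *tracked_alloc(const char *s) {
    g_base = malloc(strlen(s) + 1);
    if (g_base) strcpy(g_base, s);
    return g_base;
}

/* Returns 0 if p is the allocation base, otherwise the byte offset of the
 * interior pointer. The real base is what gets freed in both cases, so the
 * demo never hands a bad address to free(). */
static long tracked_free(char *p) {
    long off = (long)(p - g_base);
    free(g_base);
    g_base = NULL;
    return off;
}

/* Shape described in the issue: the index advances, str is untouched. */
long search_by_index(char c) {
    char *str = tracked_alloc("Search!");
    if (!str) return -1;
    for (size_t i = 0; str[i] != '\0'; i++)
        if (str[i] == c) break;
    return tracked_free(str);   /* str is still the base address */
}

/* CWE-761 shape: the pointer itself walks the buffer (str = str + 1). */
long search_by_pointer(char c) {
    char *str = tracked_alloc("Search!");
    if (!str) return -1;
    while (*str != '\0' && *str != c)
        str = str + 1;
    return tracked_free(str);   /* str may now be an interior pointer */
}

int main(void) {
    printf("index:   offset %ld\n", search_by_index('T'));
    printf("pointer: offset %ld\n", search_by_pointer('T'));
    return 0;
}
```

A nonzero offset marks a call that would have passed a non-base address to the allocator; the index-based variant reports 0 whether or not the character is found.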

rtadros125 commented 3 years ago

Thanks. Opened #1238 to fix it.